From a3b26d6c0839ec18d1dc226bb537d5067c86d574 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 12 Nov 2015 13:31:59 +0100 Subject: [PATCH] dirmngr: Do not block during ADNS calls. * dirmngr/dns-stuff.c: Include npth.h (my_unprotect, my_protect): New wrapper. (resolve_name_adns): Put unprotect/protect around adns calls. (get_dns_cert): Ditto. (getsrv): Ditto. (get_dns_cname): Ditto. Signed-off-by: Werner Koch --- dirmngr/Makefile.am | 1 + dirmngr/dns-stuff.c | 43 +++++++++++++++++++++++++++++++++++-------- 2 files changed, 36 insertions(+), 8 deletions(-) diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 009802ad6..c3bce0d98 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -142,6 +142,7 @@ t_ldap_parse_uri_SOURCES = \ t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1 t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS) +t_dns_stuff_CFLAGS = -DWITHOUT_NPTH=1 t_dns_stuff_SOURCES = t-dns-stuff.c dns-stuff.c t_dns_stuff_LDADD = $(t_common_ldadd) $(DNSLIBS) diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 6f3ce3912..200e1e209 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -51,10 +51,25 @@ # error Either getaddrinfo or the ADNS libary is required. #endif +#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */ +# undef USE_NPTH +#endif +#ifdef USE_NPTH +# include +#endif + #include "util.h" #include "host2net.h" #include "dns-stuff.h" +#ifdef USE_NPTH +# define my_unprotect() npth_unprotect () +# define my_protect() npth_protect () +#else +# define my_unprotect() do { } while(0) +# define my_protect() do { } while(0) +#endif + /* We allow the use of 0 instead of AF_UNSPEC - check this assumption. */ #if AF_UNSPEC != 0 # error AF_UNSPEC does not have the value 0 @@ -231,6 +246,7 @@ resolve_name_adns (const char *name, unsigned short port, dns_addrinfo_t *r_dai, char **r_canonname) { gpg_error_t err = 0; + int ret; dns_addrinfo_t daihead = NULL; dns_addrinfo_t dai; adns_state state; 
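Review bot: The `my_unprotect()`/`my_protect()` wrappers added after the `dns-stuff.h` include have no comment stating the contract their callers must keep. The commit message implies that the region between the two calls runs without the nPth lock, so it must not touch state shared with other threads, and every path out of it must reach `my_protect ()`. I would put this above the `#ifdef USE_NPTH` block: `/* Release the nPth lock around a blocking resolver call. Code between my_unprotect and my_protect must use only per-call state and must always reach my_protect. */`. It is also worth noting there that with `WITHOUT_NPTH` both macros expand to nothing, so the t-dns-stuff build never exercises the unlocked path.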
@@ -251,8 +267,11 @@ resolve_name_adns (const char *name, unsigned short port, if (err) return err; - if (adns_synchronous (state, name, adns_r_addr, - adns_qf_quoteok_query, &answer)) + my_unprotect (); + ret = adns_synchronous (state, name, adns_r_addr, + adns_qf_quoteok_query, &answer); + my_protect (); + if (ret) { err = gpg_error_from_syserror (); log_error ("DNS query failed: %s\n", gpg_strerror (err)); @@ -629,6 +648,7 @@ get_dns_cert (const char *name, int want_certtype, #ifdef USE_DNS_CERT #ifdef USE_ADNS gpg_error_t err; + int ret; adns_state state; adns_answer *answer = NULL; unsigned int ctype; @@ -646,12 +666,15 @@ get_dns_cert (const char *name, int want_certtype, if (err) return err; - if (adns_synchronous (state, name, - (adns_r_unknown - | (want_certtype < DNS_CERTTYPE_RRBASE - ? my_adns_r_cert - : (want_certtype - DNS_CERTTYPE_RRBASE))), - adns_qf_quoteok_query, &answer)) + my_unprotect (); + ret = adns_synchronous (state, name, + (adns_r_unknown + | (want_certtype < DNS_CERTTYPE_RRBASE + ? my_adns_r_cert + : (want_certtype - DNS_CERTTYPE_RRBASE))), + adns_qf_quoteok_query, &answer); + my_protect (); + if (ret) { err = gpg_error_from_syserror (); /* log_error ("DNS query failed: %s\n", strerror (errno)); */ @@ -1001,8 +1024,10 @@ getsrv (const char *name,struct srventry **list) if (my_adns_init (&state)) return -1; + my_unprotect (); rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query, &answer); + my_protect (); if (rc) { log_error ("DNS query failed: %s\n", strerror (errno)); @@ -1241,8 +1266,10 @@ get_dns_cname (const char *name, char **r_cname) if (my_adns_init (&state)) return gpg_error (GPG_ERR_GENERAL); + my_unprotect (); rc = adns_synchronous (state, name, adns_r_cname, adns_qf_quoteok_query, &answer); + my_protect (); if (rc) { err = gpg_error_from_syserror ();
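Review bot: The error branch after `my_protect ();` in resolve_name_adns still takes its code from `errno` through `gpg_error_from_syserror ()`, although `my_protect ()` now runs between the failing `adns_synchronous` call and that read. Whether `npth_protect` preserves `errno` is not visible here. adns functions, as far as I know, return the errno value as their result (worth confirming against adns.h), so the saved `ret` is the reliable source: `err = gpg_error_from_errno (ret);`. The same pattern appears in the get_dns_cert and get_dns_cname hunks, and getsrv logs `strerror (errno)` where `strerror (rc)` would report the code that adns returned. All four function bodies continue outside their hunks.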